Progress Software has disclosed a third vulnerability affecting its MOVEit Transfer application, alongside reports of the Cl0p cybercrime gang employing extortion tactics against targeted companies. The newly identified flaw, yet to be assigned a CVE identifier, involves an SQL injection vulnerability that could grant unauthorized access and escalated privileges within the affected environment.
To protect their systems while awaiting a patch, Progress Software urges customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443. Additionally, the Cl0p actors have listed the names of 27 allegedly hacked companies, including several US federal agencies, further emphasizing the severity of the situation.
According to Censys, a web-based search platform, out of over 1,400 exposed hosts running MOVEit, nearly 31% belong to the financial services industry, 16% to healthcare, 9% to information technology, and 8% to government and military sectors. The majority of these servers, accounting for approximately 80%, are based in the United States. These statistics highlight the wide-ranging impact of the vulnerability, with critical sectors being affected and potentially exposed to unauthorized access and data breaches.
In a broader context, Kaspersky’s analysis of malware-as-a-service (MaaS) activities between 2015 and 2022 reveals that ransomware holds the largest share at 58%, followed by information stealers at 24%, and botnets, loaders, and backdoors at 18%. The report emphasizes the financial motivation behind cybercrime, with the MaaS model enabling less technically proficient attackers to participate in malicious activities. By lowering the entry barrier, cybercriminals can exploit vulnerabilities like the one found in MOVEit Transfer and carry out attacks for financial gain.
As the situation unfolds, affected companies must remain vigilant, implementing the recommended precautions while awaiting the release of a patch from Progress Software. It is crucial for organizations to prioritize cybersecurity measures, regularly update software, and maintain strong defensive strategies to mitigate the risk of cyber threats and protect sensitive data from falling into the wrong hands.
